惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

New in Feedly

Feedly completes SOC 2 Type 2 examination | Feedly VirusTotal Integration: Triage IOCs Faster in Feedly | Feedly Feedly Best Practices for CTI Teams | Feedly GreyNoise + Feedly Threat Intelligence: Enriching IoCs | Feedly 7 AI Prompts for Cyberattack Pattern Analysis | Feedly Navigate Feedly Faster with Go To | Feedly Navigate Feedly Faster with Go To Introducing Feedly ThreatBeats: Your daily intel jingles | Feedly Introducing Feedly ThreatBeats: Your daily intel jingles 6 Ways to Automate Threat Intelligence with the Feedly API | Feedly Get threat intelligence to your team fast, in the tools they already use | Feedly Tracking the cyber consequences of geopolitical events | Feedly Analyze your closed-source intelligence in Feedly | Feedly Cyberattack Insights Cards: A dynamic 360° attack view | Feedly Cyberattack Insights Cards: A dynamic 360° attack view 7 ways to prioritize CVEs by how they're exploited | Feedly Ask AI on Threat Actor Insights Cards: Accelerate adversary research with custom queries | Feedly Research IoCs with rich context in seconds, not hours | Feedly Surface top threats in CTI newsletters | Feedly The Scanner: Exploring Potential Futures | Feedly The Radar: Detecting emerging signals | Feedly Prompt Engineering: Newsletter template for real-time phishing trends | Feedly The Monitor: Tracking the known present | Feedly Startup Innovation Radar: A real-time startup database | Feedly The InsightOS architecture | Feedly Feedly MCP Server: Automate CTI workflows with Claude and the Feedly Threat Graph | Feedly Feedly MCP Server: Automate CTI workflows with Claude and the Feedly Threat Graph Strategic intelligence at the speed of change | Feedly Examples on how to track relevant cyberattacks | Feedly Feedly x Slack integration | Feedly CTI AI Prompt: Generate red team emulation plans with Feedly | Feedly Cyberattack Agent: Discover and monitor relevant cyber attacks | Feedly Uncover emerging trends within your industry | Feedly Effortless onboarding for new team members in Feedly | Feedly Feedly’s CVSS Estimate Score - Bridging the gap to enhance vulnerability intelligence | Feedly Unlock market intelligence insights in 15 languages | Feedly Track innovations in your industry with 9 new AI Models | Feedly CVE Insights Cards: Comprehensive, real-time intelligence | Feedly Turn press releases into competitive signals | Feedly Accelerate your research with prompt suggestions in Ask AI | Feedly Conducting historical searches with Feedly | Feedly How to optimize your Emerging Trends Dashboard to surface relevant trends | Feedly How to optimize your Emerging Trends Dashboard to surface relevant trends Feedly Threat Intelligence + ThreatConnect: Enhance context in your TIP | Feedly Feedly Threat Intelligence + ThreatConnect: Enhance context in your TIP Unlock strategic signals from LinkedIn with Feedly Market Intelligence | Feedly Unlock strategic signals from LinkedIn with Feedly Market Intelligence Unlock industry insights to drive smarter decisions | Feedly Unlock industry insights to drive smarter decisions Prompt engineering: Explore CVE chaining potential | Feedly Prompt engineering: Explore CVE chaining potential Ask AI in CVE Insights Cards—precise answers for faster prioritization | Feedly Ask AI in CVE Insights Cards—precise answers for faster prioritization Prompt engineering: Build a report on AI agents in seconds | Feedly Prompt engineering: Build a report on AI agents in seconds Prompt engineering: Generate vulnerability advisories at scale | Feedly Prompt engineering: Generate vulnerability advisories at scale Further fine-tune your AI Feeds with Natural Language Filters for Threat Intelligence | Feedly Further fine-tune your AI Feeds with Natural Language Filters for Threat Intelligence Fine-tune your Feedly AI Feeds with Natural Language Filters for Market Intelligence | Feedly Fine-tune your Feedly AI Feeds with Natural Language Filters for Market Intelligence PDFs in Feedly: Turn static PDFs into actionable threat intelligence | Feedly PDFs in Feedly: Turn static PDFs into actionable threat intelligence PDFs in Feedly: Read and extract market intelligence faster | Feedly Multilingual AI: global threat intel, without language barriers | Feedly Multilingual AI: global threat intel, without language barriers Prompt engineering: Generate a report on the recent news about tariffs | Feedly Prompt engineering: Generate a report on the recent news about tariffs Prompt engineering: Conduct a Diamond Model of Intrusion Analysis | Feedly Prompt engineering: Conduct a Diamond Model of Intrusion Analysis New Feedly Ask AI: Synthesize threat reports & articles in minutes with high accuracy | Feedly New Feedly Ask AI: Synthesize threat reports & articles in minutes with high accuracy AI in Threat Intelligence Newsletters: Faster creation, bigger impact | Feedly AI in Threat Intelligence Newsletters: Faster creation, bigger impact
Connect Feedly to OpenCTI: Real-Time Threat Intel, Automated | Feedly
Shawn Jaques · 2026-05-29 · via New in Feedly

15-Second summary

OpenCTI consolidates structured threat intelligence into a connected knowledge graph, but getting raw data structured, filtered, and formatted as STIX is the hard part. That's exactly what Feedly does. Feedly's AI monitors thousands of open-source channels, extracts key entities, maps relationships, and delivers clean STIX 2.1 intelligence scoped to your priority intelligence requirements.

With Feedly Threat Intelligence connected to OpenCTI, you can:

  • Automatically populate your knowledge graph with relevant, structured intelligence from thousands of open-source channels.
  • Start investigations with rich context; every entity is enriched with threat actors, TTPs, malware, CVEs, IoCs, and their relationships.
  • Turn raw reports into ready-to-ingest STIX structures, ready for OpenCTI to ingest without cleanup or reformatting.

If you've invested in OpenCTI, Feedly Threat Intelligence helps you turn it into a knowledge graph that's ready for work.

A knowledge graph is only as good as what flows into it

OpenCTI gives CTI teams a powerful foundation for organizing, correlating, and operationalizing threat intelligence. But the platform doesn't collect intelligence on its own. To get the most out of it, teams need a reliable way to feed it with high-quality, relevant data, consistently and at scale.

Most teams rely on IoC-heavy commercial feeds that deliver volume without narrative context, leaving threat actor profiles thin and TTP coverage patchy. Analysts make up the difference manually: reading blogs, pulling reports, and copying data into the platform. Collection consumes hours that should be going toward analysis.

The result is a team spending more time on data management to feed the knowledge graph, than actual analysis.

Feedly Threat Intelligence automates the collection, processing and filtering layers. It continuously monitors thousands of open-source channels and uses AI to extract, structure, and deliver intelligence directly into OpenCTI, so your knowledge graph reflects the current threat landscape without requiring your analysts to build it manually.

Use AI Feeds to focus on what's actually relevant

Not all open-source intelligence is relevant to your organization. Feedly's AI Feeds solve the signal-to-noise problem before anything reaches OpenCTI.

AI Feeds are continuously updated streams of intelligence from over 10,000 open sources, filtered to your organization's specific threat profile: the threat actors targeting your sector, the malware families relevant to your tech stack, and the vulnerabilities that matter to your infrastructure.

You can also define your own trusted sources (specific blogs, vendor advisories, government feeds, or ISACs your team already relies on) and pull structured intelligence exclusively from those channels. This gives you full control over provenance, so your knowledge graph reflects the sources your analysts actually trust.

You can organize AI Feeds or Folders by intel requirements, and the connector continuously pulls from those curated streams. What flows into OpenCTI is curated intelligence scoped to what your team is actually tracking.

Feedly AI Models and the Threat Graph extract and enrich threat data

Feedly's AI Models automatically identify key entities within each article: IoCs (IPs, domains, hashes, URLs, email addresses, and registry keys), CVEs, malware families, threat actors, TTPs, cyberattacks, etc.

The Threat Graph maps the relationships between extracted entities: which threat actor is using which malware, which CVE is being exploited in which campaign, which TTPs are associated with which intrusion set. These relationships are built from the source reporting itself, preserving the analytical context that makes intelligence meaningful.

By the time intelligence leaves Feedly, it's no longer unstructured text. It's a set of connected entities with documented relationships, ready to enrich your knowledge graph rather than just add to it.

Structured for OpenCTI: STIX 2.1 out of the box

OpenCTI is built natively on the STIX 2.1 standard, and so is Feedly's output.

Every piece of intelligence the connector delivers is formatted as a STIX 2.1 bundle: threat actors, malware, TTPs, indicators, vulnerabilities, and the relationships between them are all expressed as proper STIX objects. They map directly to OpenCTI's data model without transformation or cleanup on your end.

This means the intelligence that lands in your knowledge graph is immediately usable, correctly typed, correctly linked, and ready for analysts to pivot on.

Setting up the Integration

Connecting Feedly to OpenCTI takes about 15 minutes.

Integrate

What it looks like in OpenCTI

Once the connector is running, Feedly intelligence appears in OpenCTI as fully structured reports, each one linked to the entities Feedly extracted, with relationships already mapped in the knowledge graph.

Analysts can pivot directly from a Feedly report to the threat actor profile, explore related malware or campaigns, and correlate Feedly-sourced indicators against internal data, all within OpenCTI's graph interface, without re-entering a single data point.

Conclusion

Feedly Threat Intelligence and OpenCTI are built for each other: one collects and structures intelligence from the open web, the other organizes and operationalizes it. Together, they replace a slow, manual collection process with a continuous, automated intelligence pipeline, from open-source data to a knowledge graph to analyst action.

If you've built an OpenCTI deployment and want to keep it current without burning analyst hours on collection, Feedly is the intelligence source that makes it work.

Feedly Threat Intelligence connects with 10+ security solutions

OpenCTI is one of the many integrations available. Start your free trial and see how Feedly Threat Intelligence connects to your CTI workflow.

Try Feedly Threat Intelligence